From 848d652ac71ce4192f83283f0ad8905be6b07cd0 Mon Sep 17 00:00:00 2001 From: coolneng Date: Tue, 8 Apr 2025 02:45:56 +0200 Subject: [PATCH] Redirect all URLs to new domain --- configuration.nix | 17 +++++---- modules/devops.nix | 4 +-- modules/information.nix | 4 --- modules/monitoring.nix | 2 +- modules/networking.nix | 33 +++++++++++------ modules/webstack.nix | 72 ++++++++++++++++++++++--------------- secrets/acme-duckdns.age | Bin 0 -> 263 bytes secrets/acme-porkbun.age | 5 +++ secrets/acme.age | Bin 263 -> 0 bytes secrets/inadyn-porkbun.age | 11 +++--- secrets/secrets.nix | 3 +- well-known/matrix/client | 2 +- well-known/matrix/server | 2 +- 13 files changed, 95 insertions(+), 60 deletions(-) create mode 100644 secrets/acme-duckdns.age create mode 100644 secrets/acme-porkbun.age delete mode 100644 secrets/acme.age diff --git a/configuration.nix b/configuration.nix index 1f1b50d..4fc3501 100644 --- a/configuration.nix +++ b/configuration.nix @@ -206,11 +206,6 @@ with pkgs; owner = "matrix-as-signal"; group = "matrix-as-signal"; }; - secrets.acme = { - file = secrets/acme.age; - owner = "acme"; - group = "nginx"; - }; secrets.inadyn-duckdns = { file = secrets/inadyn-duckdns.age; owner = "inadyn"; @@ -221,13 +216,23 @@ with pkgs; owner = "inadyn"; group = "inadyn"; }; + secrets.acme-duckdns = { + file = secrets/acme-duckdns.age; + owner = "acme"; + group = "nginx"; + }; + secrets.acme-porkbun = { + file = secrets/acme-porkbun.age; + owner = "acme"; + group = "nginx"; + }; identityPaths = [ "/etc/ssh/id_ed25519" ]; }; # Auto-upgrade the system system.autoUpgrade = { enable = true; - flake = "/root/system"; + flake = "/home/coolneng/system"; flags = [ "--update-input agenix --update-input nixpkgs" "--commit-lock-file" diff --git a/modules/devops.nix b/modules/devops.nix index 3b26616..d125417 100644 --- a/modules/devops.nix +++ b/modules/devops.nix 
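Review bot: Pointing `system.autoUpgrade.flake` at `/home/coolneng/system` in the second configuration.nix hunk means the upgrade job, which runs as root, now builds and activates whatever sits in a checkout under a user's home directory. Unless that account is already root-equivalent, write access to the checkout becomes a path to root at the next scheduled upgrade. `--commit-lock-file` will also have root write commits into a user-owned repository. If the move away from `/root/system` is intentional, document it on the option, e.g. `# NOTE Flake lives in a user checkout: write access to it is equivalent to root`, or keep a root-owned clone for upgrades.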
@@ -21,8 +21,8 @@ settings = { server = { DISABLE_SSH = true; - DOMAIN = "git.coolneng.duckdns.org"; - ROOT_URL = "https://git.coolneng.duckdns.org"; + DOMAIN = "git.psydnd.org"; + ROOT_URL = "https://git.psydnd.org"; }; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; diff --git a/modules/information.nix b/modules/information.nix index 7c95563..a2fd17c 100644 --- a/modules/information.nix +++ b/modules/information.nix @@ -10,10 +10,6 @@ services.miniflux = { enable = true; adminCredentialsFile = config.age.secrets.miniflux.path; - config = { - BASE_URL = "https://rss.coolneng.duckdns.org"; - DISABLE_HSTS = 1; - }; }; # Php-fpm pool for Wallabag diff --git a/modules/monitoring.nix b/modules/monitoring.nix index d9ac3dd..0f9f369 100644 --- a/modules/monitoring.nix +++ b/modules/monitoring.nix @@ -81,7 +81,7 @@ with pkgs; services.grafana = { enable = true; settings.server = { - domain = "grafana.coolneng.duckdns.org"; + domain = "grafana.psydnd.org"; http_port = 9009; http_addr = "127.0.0.1"; }; diff --git a/modules/networking.nix b/modules/networking.nix index 67a4891..ad64ba5 100644 --- a/modules/networking.nix +++ b/modules/networking.nix 
@@ -37,20 +37,31 @@ in services.inadyn = { enable = true; interval = "*:0/30"; - settings = { - provider."duckdns" = { - hostname = "coolneng.duckdns.org"; - include = config.age.secrets.inadyn-duckdns.path; - }; - custom."porkbun.com" = { - ddns-server = "dynamicdns.park-your-domain.com"; - ddns-path = "/update?domain=%u&password=%p&host=%h"; - hostname = "psydnd.org"; - include = config.age.secrets.inadyn-porkbun.path; - }; + settings.provider."duckdns" = { + hostname = "coolneng.duckdns.org"; + include = config.age.secrets.inadyn-duckdns.path; }; }; + # Dynamic DNS configuration for Porkbun + # NOTE Temporary workaround until Inadyn fixes the Porkbun module + services.oink = { + enable = true; + settings = { + apiKey = "PLACEHOLDER"; + secretApiKey = "PLACEHOLDER"; + interval = 1800; + }; + domains = [ + { + domain = "psydnd.org"; + subdomain = ""; + } + ]; + }; + # NOTE Load credentials using environment variables + systemd.services.oink.serviceConfig.EnvironmentFile = config.age.secrets.inadyn-porkbun.path; + # Firewall configuration networking.firewall = { allowedTCPPorts = [ diff --git a/modules/webstack.nix b/modules/webstack.nix index 4ff871e..9e5409f 100644 --- a/modules/webstack.nix +++ b/modules/webstack.nix @@ -34,15 +34,12 @@ proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; ''; virtualHosts = { + # Old domain being redirected "coolneng.duckdns.org" = { useACMEHost = "coolneng.duckdns.org"; forceSSL = true; - # Redirect from legacy subdirectory URL to subdomain locations = { - "/radicale/".return = "301 https://radicale.coolneng.duckdns.org"; - "/syncthing/".return = "301 https://sync.coolneng.duckdns.org"; - "/gitea/".extraConfig = "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;"; - "/miniflux/".extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;"; + "/".return = "301 https://psydnd.org$request_uri"; # Delegation for Matrix "/.well-known/" = { alias = "${../well-known}" + "/"; 
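Review bot: The new `services.oink` block in the networking.nix hunk reuses `config.age.secrets.inadyn-porkbun.path` as its `EnvironmentFile`, so the inadyn user may keep access to Porkbun credentials it no longer uses. The configuration.nix context appears to still declare that secret with `owner = "inadyn"; group = "inadyn";`, while this hunk removes inadyn's own `custom."porkbun.com"` entry. A dedicated, root-owned secret for oink would scope the credential to the one service that needs it, since systemd reads `EnvironmentFile` itself. The `"PLACEHOLDER"` literals also deserve a comment, e.g. `# Overridden at runtime by the variables in EnvironmentFile; never put a real key here, settings end up in the world-readable Nix store`.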
@@ -54,9 +51,20 @@
 };
 };
 };
- "radicale.coolneng.duckdns.org" = {
+ # Redirect subdomains
+ "~^(?.+)\.coolneng\.duckdns\.org$" = {
 useACMEHost = "coolneng.duckdns.org";
 forceSSL = true;
+ locations."/".return = "301 https://$subdomain.psydnd.org$request_uri";
+ };
+ # Current domain
+ "psydnd.org" = {
+ useACMEHost = "psydnd.org";
+ forceSSL = true;
+ };
+ "radicale.psydnd.org" = {
+ useACMEHost = "psydnd.org";
+ forceSSL = true;
 locations."/" = {
 proxyPass = "http://localhost:5232/";
 extraConfig = ''
@@ -65,30 +73,30 @@
 '';
 };
 };
- "sync.coolneng.duckdns.org" = {
- useACMEHost = "coolneng.duckdns.org";
+ "sync.psydnd.org" = {
+ useACMEHost = "psydnd.org";
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:8384/";
 };
- "git.coolneng.duckdns.org" = {
- useACMEHost = "coolneng.duckdns.org";
+ "git.psydnd.org" = {
+ useACMEHost = "psydnd.org";
 forceSSL = true;
 locations."/" = {
 proxyPass = "http://localhost:3000/";
 extraConfig = ''
 ${config.services.nginx.commonHttpConfig}
 # Disable embedding as a frame, except from the same origin
- add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
+ add_header Content-Security-Policy "frame-src git.psydnd.org; frame-ancestors git.psydnd.org";
 '';
 };
 };
- "rss.coolneng.duckdns.org" = {
- useACMEHost = "coolneng.duckdns.org";
+ "rss.psydnd.org" = {
+ useACMEHost = "psydnd.org";
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:8080/";
 };
- "matrix.coolneng.duckdns.org" = {
- useACMEHost = "coolneng.duckdns.org";
+ "matrix.psydnd.org" = {
+ useACMEHost = "psydnd.org";
 forceSSL = true;
 listen = [
 # IPv4
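Review bot: In the `# Redirect subdomains` virtual host the pattern sits inside a double-quoted Nix string, where `\.` evaluates to a plain `.`, so nginx most likely receives a regex whose dots match any character; `\\.` is needed for a literal dot. The capture `(?.+)` as shown on this page has no name although the redirect uses `$subdomain` (possibly the `<subdomain>` part was lost in rendering). `.+` also accepts whatever the client sends in the Host header, including multi-label names that neither wildcard certificate covers. I would restrict it to a single label, e.g. `"~^(?<subdomain>[a-z0-9-]+)\\.coolneng\\.duckdns\\.org$"`, so the value copied into the `Location` header is constrained.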
@@ -116,18 +124,18 @@ ]; locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008"; }; - "element.coolneng.duckdns.org" = { - useACMEHost = "coolneng.duckdns.org"; + "element.psydnd.org" = { + useACMEHost = "psydnd.org"; forceSSL = true; locations."/".root = pkgs.element-web.override { conf.default_server_config = { - "m.homeserver"."base_url" = "https://matrix.coolneng.duckdns.org"; + "m.homeserver"."base_url" = "https://matrix.psydnd.org"; "m.identity_server"."base_url" = "https://vector.im"; }; }; }; - "wallabag.coolneng.duckdns.org" = { - useACMEHost = "coolneng.duckdns.org"; + "wallabag.psydnd.org" = { + useACMEHost = "psydnd.org"; forceSSL = true; root = "${pkgs.wallabag}/web"; locations = { @@ -147,8 +155,8 @@ }; }; }; - "books.coolneng.duckdns.org" = { - useACMEHost = "coolneng.duckdns.org"; + "books.psydnd.org" = { + useACMEHost = "psydnd.org"; forceSSL = true; locations."/" = { proxyPass = "http://localhost:9000/"; @@ -159,8 +167,8 @@ ''; }; }; - "grafana.coolneng.duckdns.org" = { - useACMEHost = "coolneng.duckdns.org"; + "grafana.psydnd.org" = { + useACMEHost = "psydnd.org"; forceSSL = true; locations."/" = { proxyPass = "http://localhost:9009/"; @@ -177,10 +185,18 @@ email = "akasroua@disroot.org"; group = "nginx"; }; - certs."coolneng.duckdns.org" = { - domain = "*.coolneng.duckdns.org"; - dnsProvider = "duckdns"; - environmentFile = config.age.secrets.acme.path; + certs = { + "coolneng.duckdns.org" = { + domain = "*.coolneng.duckdns.org"; + dnsProvider = "duckdns"; + environmentFile = config.age.secrets.acme-duckdns.path; + }; + "psydnd.org" = { + domain = "psydnd.org"; + extraDomainNames = [ "*.psydnd.org" ]; + dnsProvider = "porkbun"; + environmentFile = config.age.secrets.acme-porkbun.path; + }; }; }; 
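Review bot: In the last webstack.nix hunk the retained `"coolneng.duckdns.org"` certificate still requests only `domain = "*.coolneng.duckdns.org"`, whereas the new `"psydnd.org"` entry covers both the apex and `*.psydnd.org`. A wildcard does not match the bare name, yet the `"coolneng.duckdns.org"` virtual host relies on this certificate for the apex redirect and the Matrix `/.well-known/` delegation. Unless the apex is covered elsewhere, clients would see a name mismatch there. If the DNS provider can validate both names in one order, mirror the new entry with `domain = "coolneng.duckdns.org"; extraDomainNames = [ "*.coolneng.duckdns.org" ];`; otherwise add a separate certificate for the apex. The enclosing `security.acme` block starts outside the hunk.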
diff --git a/secrets/acme-duckdns.age b/secrets/acme-duckdns.age new file mode 100644 index 0000000000000000000000000000000000000000..fe9c89fd14cbae5b9c518667dcac144336b9ad27 GIT binary patch literal 263 zcmV+i0r>u5XJsvAZewzJaCB*JZZ2F=|C{T2x_jc4RMYZ#GkMF=THvMrR6TXg5<)POJZ|0W-u>Ca7_v=EiE8TI8iHXXJ|PuW_4CI zZ)taEGkS7QGe%}bcyvQbQ#p2LZfGlYLo!Z5O>YV#X;EQ^HuLW(+^$?`6BwSUIbFg4 z@Tiu7`a)CnCd$SrZ$N=Jz8(08bb6_=$tt;r$P8N*Ul_XdBd2PNrVhR8N literal 0 HcmV?d00001 diff --git a/secrets/acme-porkbun.age b/secrets/acme-porkbun.age new file mode 100644 index 0000000..feaf2cb --- /dev/null +++ b/secrets/acme-porkbun.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 iUaRGg 7JImhL2Wo/eJEwUGP+NhEf36yq5gHO9q1GYhY2HaMAY +eAMhD0sqHQS+aayBpOsY8+081i72QAhJCFbBe0//uwU +--- 4K8cXsDuWZrmWNJ+rz166ej9o/gLFc7CfJuzAsG0BxA +|. ff=-X$P: MB z!7N7ie!fFɄvM"4R_w|Gtlu5XJsvAZewzJaCB*JZZ2T0(edZ8TR|dS*pTbW=rkS66UyGD!+8EiE8zX?jj@dQ(hT diff --git a/secrets/inadyn-porkbun.age b/secrets/inadyn-porkbun.age index 7fab583..3e00a89 100644 --- a/secrets/inadyn-porkbun.age +++ b/secrets/inadyn-porkbun.age @@ -1,6 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 iUaRGg mjl2NVhvZ+j87U5JLDcun7Lr7nUD9/Ci2mbZbcvn6hk -xzJaZDEwcZmd/qUGMWoFsj6ylsevriwlwVi8znyRpSk ---- IoNqE7dzWBlVySCznCJDS4KEOfBPazWvdzK2GmyQyIw -h_CA~~;nDt]]g¨ -|4M6Y gO.:\Ng/֗iuxm b=6{3 oMG;l^l޵`BnLx|,d29{*|L;!͜ܕVkؚ$:4qG ٪ińAA Aə \ No newline at end of file +-> ssh-ed25519 iUaRGg Fj/IEMc+EwPbxVYPdM1tUF0V1vL8F0yN7wPCTcDOoQI +ORL8EAnKTo5Fot3qRDYClGvmtPliWA49aQWBpzqLFxo +--- FrEg81sAO/xlmYLGMqb9aF4o61J57Cqdb6Qoh7h2Zxg +ɱw >xK} g݇(܋O Vh]r!wx1ܙj!}U  +XB DAc sd]0[zi0߬"9]Aŵà1yaJwk0Yh6\\W3:{1'{tۚ> WEODˌ'T#>P]?dPP8)? +g73 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2222d6e..beac3e2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -15,7 +15,8 @@ in
 "mqtt-receiver.age".publicKeys = [ zion ];
 "facebook.age".publicKeys = [ zion ];
 "signal.age".publicKeys = [ zion ];
- "acme.age".publicKeys = [ zion ];
 "inadyn-duckdns.age".publicKeys = [ zion ];
 "inadyn-porkbun.age".publicKeys = [ zion ];
+ "acme-duckdns.age".publicKeys = [ zion ];
+ "acme-porkbun.age".publicKeys = [ zion ];
 }
diff --git a/well-known/matrix/client b/well-known/matrix/client
index 50aedbb..7678438 100644
--- a/well-known/matrix/client
+++ b/well-known/matrix/client
@@ -1,5 +1,5 @@
 {
 "m.homeserver": {
- "base_url": "https://matrix.coolneng.duckdns.org"
+ "base_url": "https://matrix.psydnd.org"
 }
 }
diff --git a/well-known/matrix/server b/well-known/matrix/server
index e3f2a32..ef17b4d 100644
--- a/well-known/matrix/server
+++ b/well-known/matrix/server
@@ -1 +1 @@
-{ "m.server": "matrix.coolneng.duckdns.org:443" }
+{ "m.server": "matrix.psydnd.org:443" }